The cookieless cliff is now
Chrome finished its third-party cookie deprecation rollout. Apple's ATT and Mail Privacy Protection have already gutted retargeting and email open rates. iOS continues to chip away at fingerprinting.
For most performance teams, the result is brutal: shrinking lookalike audiences, broken attribution, ballooning CPAs. The fix isn't a new ad channel - it's owning your data.
The minimum viable first-party stack
You don't need a CDP that costs €100k/year. You need four layers that talk to each other:
- Identity - a stable internal user ID (not the email) that follows users across web, app and offline.
- Capture - server-side tagging (GTM Server Container, Stape, or self-hosted) so you keep collecting signal when browsers block JS.
- Storage - a warehouse (BigQuery, Snowflake, Postgres) holding events, customers, orders and consent state in one place.
- Activation - reverse ETL (Hightouch, Census) to push audiences back into Meta, Google, Klaviyo, TikTok with consent applied.
That stack runs lean - €1k-€5k/month at SMB scale.
Consent is part of the product
Under the EU's Consent Mode v2 and DSA enforcement, sending data to Meta/Google without proper consent signals is now a financial risk, not just a legal one. Bake consent state into every event from day one - backfilling is a nightmare.
What this enables
With the stack above you can run:
- Server-side conversion APIs (CAPI, Enhanced Conversions) - recovering 15-40% of "lost" conversions.
- Predictive LTV scoring - bid more on the customers who actually pay back.
- Owned-audience retargeting via email and SMS - channels Apple and Google don't control.
The brands building this in 2026 will compound. The ones that wait will be paying premium CPMs to fish in the same shrinking pond.
